
Johann Rehberger

#19841 of 53,638
13.1 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2026-26352 · CVSS 5.3 · 2026-03-19
Microsoft · M365 Copilot · CVE-2026-24299
**Name of the Vulnerable Software and Affected Versions**
M365 Copilot (affected versions not specified)

**Description**
An improper neutralization of special elements used in a command ('command injection') exists in M365 Copilot. This allows an unauthorized attacker to disclose information over a network.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2025-32853 · CVSS 7.8 · 2025-08-12
Unknown · GitHub Copilot · CVE-2025-53773
**Name of the Vulnerable Software and Affected Versions**
GitHub Copilot (affected versions not specified)
Visual Studio 2022 versions prior to 17.14.12

**Description**
Improper neutralization of special elements used in a command, known as command injection, in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. This issue is linked to insufficient validation of arguments passed to a command and can be triggered via prompt injection, which is a technique used to manipulate Large Language Models (LLMs) by providing specially crafted inputs to override original instructions.

**Recommendations**
Update Visual Studio 2022 to version 17.14.12. At the moment, there is no information about a newer version that contains a fix for this vulnerability regarding GitHub Copilot.